Getting an Azure AD Access Token using Postman

If you work at all with REST APIs you’ll no doubt be familiar with Postman. Postman provides a super simple UI for developing and testing APIs and has a built-in feature for requesting OAuth 2.0 Access Tokens. The procedure below describes how to make a request to the Azure REST API to list the available Azure subscriptions. The documentation for the Azure REST API is available here and provides ample detail on how to build a request to the Azure API.

Procedure

  1. Open Postman and create a new GET request to https://management.azure.com/subscriptions?api-version=2016-09-01.
  2. Click Send
  3. The request should fail but that’s ok for now.
  4. Click on the Authorization section and change the Type to OAuth 2.0.
  5. Click the button that appears entitled Get new Access Token.
  6. Give the Token a meaningful name.
  7. Set Auth URL to https://login.microsoftonline.com/common/oauth2/authorize?resource=https://management.azure.com/. Please keep in mind that this ‘resource’ parameter is what’s required to talk to the Azure Resource Manger API.
  8. Set Access Token URL to https://login.microsoftonline.com/common/oauth2/token.
  9. ClientID and Client Secret are required and you can obtain them by registering an Azure AD Application. Make sure you grant access to the ‘Windows Azure Service Management API’ on the ‘Required Permissions’ tab.
  10. You will also need to ensure that https://www.getpostman.com/oauth2/callback is set as one of your Reply URLs.
  11. Leave Scope empty .
  12. Set Grant Type to Authorization Code
  13. You should have something like this:
  14. Click request token.
  15. You should now be presented with the usual sign-in screen for Azure.
  16. After you’ve signed in a new token should appear.
  17. Select the new token and change the Add token drop down to Header and then select Use Token
  18. You will notice that there is now an Authorization header added to the request.

You should now be able to click ‘Send’ and get a response back from the Azure API. Enjoy!

Author image
About Jacob Hodges